x509: Correctly parse nonce in OCSP response
authorTobias Brunner <tobias@strongswan.org>
Fri, 22 Nov 2019 15:36:20 +0000 (16:36 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 6 Dec 2019 08:52:30 +0000 (09:52 +0100)
Fixes: d7dc677ee572 ("x509: Correctly encode nonce in OCSP request")

src/libstrongswan/plugins/x509/x509_ocsp_response.c

index 75eb9d7..f3ade37 100644 (file)
@@ -577,7 +577,9 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
                                DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                break;
                        case BASIC_RESPONSE_EXT_VALUE:
-                               if (extn_oid == OID_NONCE)
+                               if (extn_oid == OID_NONCE &&
+                                       asn1_parse_simple_object(&object, ASN1_OCTET_STRING,
+                                                                               parser->get_level(parser)+1, "nonce"))
                                {
                                        this->nonce = object;
                                }
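Review bot: When the extension is the nonce but `asn1_parse_simple_object()` fails, the combined `&&` condition in the `BASIC_RESPONSE_EXT_VALUE` case only skips the assignment, so a malformed nonce becomes indistinguishable from an absent one and nothing is logged. Whether that is safe depends on how callers treat an empty `this->nonce` after sending a nonce in the request, which this hunk does not show; if a missing nonce is tolerated there, a response with a wrongly encoded nonce would be accepted without the replay check. I would make the failure branch explicit: keep `if (extn_oid == OID_NONCE)` as the outer test, and on parse failure log `DBG1(DBG_ASN, "  invalid nonce encoding in OCSP response");` and fail the parse, at least when `critical` is set. A one-line comment that the extension value is an OCTET STRING wrapping the nonce would also explain the `get_level(parser)+1` argument. parse_basicOCSPResponse starts and ends outside the hunk.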